Book contents
- Frontmatter
- Contents
- Foreword
- Preface
- 1 Introduction
- 2 Moving to Proactive Cyber Threat Intelligence
- 3 Understanding Darkweb Malicious Hacker Forums
- 4 Automatic Mining of Cyber Intelligence from the Darkweb
- 5 Analyzing Products and Vendors in Malicious Hacking Markets
- 6 Using Game Theory for Threat Intelligence
- 7 Application: Protecting Industrial Control Systems
- 8 Conclusion
- Glossary
- References
- Index
5 - Analyzing Products and Vendors in Malicious Hacking Markets
Published online by Cambridge University Press: 06 April 2017
Summary
Introduction
Chapter 3 introduced darknet hacker communities and marketplaces, with Chapter 4 presenting a system for gathering data from these sites. In this chapter, we extend the work from [70], presenting techniques to analyze the aggregated dataset, with a goal of providing rich cyber threat intelligence. We identify and analyze users that participate in multiple online communities, look at some of the high-priced zero-day exploits for sale, discuss how government-assigned vulnerability identifiers are used to indicate a product's target, and use unsupervised learning to categorize and study the product offerings of 17 darknet marketplaces. For product categorization, we use a combination of manual labeling with clustering techniques to identify specific categories. Through a series of case studies showcasing various findings relating to malicious hacker behavior, we hope to illustrate the utility of these cyber threat intelligence tools.
The price of a given product on a darknet marketplace is typically indicated in Bitcoin. The BTC to USD conversion rate is highly volatile. At the time of writing, the Bitcoin to USD conversion rate was $649.70 to 1 BTC, whereas during the experiments discussed in this chapter, which occurred only a few months prior to the writing of this book, the conversion rate was $380.03 to 1 BTC.
The goal of a cyber threat intelligence system is to aid cybersecurity professionals with their strategic cyber-defense planning and to address questions such as:
1. What vendors and users have a presence in multiple darknet/deepnet markets/forums?
2. What zero-day exploits are being developed by malicious hackers?
3. What vulnerabilities do the latest exploits target?
4. What types of products are exclusive to certain vendors and markets?
After aggregating the hacking-related products and hacking-related discussions from a number of darknet marketplaces and forums, respectively, we can begin answering these questions via an in-depth analysis of the data in order to provide a better understanding of the interactions within and between these communities.
Marketplace Data Characteristics
In this section, we describe the dataset used in this chapter. We examined the hacking-related products from 17 darknet marketplaces, finding many products that were cross-posted between markets, often by vendors of the same username. Figure 5.1 shows the count of vendors using the same screen-name across multiple marketplaces and Table 5.1 displays the dataset statistics, after removing duplicates (cross-posts).
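The two dataset steps described above (counting screen-names that recur across marketplaces, and removing cross-posts before computing statistics) can be sketched as follows. This is an added example, not code from the book: the sample listings are constructed, and the matching rule (case-insensitive screen-name plus whitespace-normalized title) is an assumption, since the chapter's own duplicate criterion is not shown here.

```python
import re
from collections import Counter, defaultdict

# Constructed sample listings: (market, vendor screen-name, product title).
LISTINGS = [
    ("MarketA", "DarkVendor", "Keylogger Builder v2"),
    ("MarketB", "darkvendor", "Keylogger  builder V2"),   # cross-post, cosmetic changes
    ("MarketC", "DarkVendor", "Botnet Setup Guide"),
    ("MarketA", "h4x0r", "Botnet Setup Guide"),           # same title, different vendor
    ("MarketB", "SoloSeller", "Password List"),
    ("MarketB", "SoloSeller", "Password List"),           # re-listed in the same market
]

def norm(text):
    """Lower-case and collapse whitespace so cosmetic variants compare equal (assumed rule)."""
    return re.sub(r"\s+", " ", text.strip().lower())

def vendor_market_histogram(listings):
    """Return {number of markets: number of screen-names present in that many markets}.

    A shared screen-name is only a lead: it does not prove the same person
    operates both accounts, so treat the counts as candidates for review.
    """
    markets_by_vendor = defaultdict(set)
    for market, vendor, _title in listings:
        markets_by_vendor[norm(vendor)].add(market)
    return Counter(len(markets) for markets in markets_by_vendor.values())

def dedupe_cross_posts(listings):
    """Keep the first listing per (vendor, title) pair; later copies count as cross-posts."""
    seen, unique = set(), []
    for row in listings:
        key = (norm(row[1]), norm(row[2]))
        if key not in seen:
            seen.add(key)
            unique.append(row)
    return unique

def dataset_stats(listings):
    """Summary counts computed after duplicates are removed."""
    unique = dedupe_cross_posts(listings)
    return {
        "markets": len({market for market, _v, _t in unique}),
        "vendors": len({norm(vendor) for _m, vendor, _t in unique}),
        "products": len(unique),
    }

if __name__ == "__main__":
    print(dict(vendor_market_histogram(LISTINGS)))
    print(dataset_stats(LISTINGS))
```

Deduplicating on the (vendor, title) pair rather than the title alone keeps identically named products from different vendors as separate records.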
- Type: Chapter
- Information: Darkweb Cyber Threat Intelligence Mining, pp. 56-66
- Publisher: Cambridge University Press
- Print publication year: 2017